[VIM] CVE Dupe? (2005-0756 & 2005-1762)
security curmudgeon
jericho at attrition.org
Mon Jun 27 20:49:25 EDT 2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0756
ptrace 2.6.8.1 does not properly verify addresses on the amd64 platform,
which allows local users to cause a denial of service (kernel crash)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1762
(reserved)
but:
http://www.ubuntulinux.org/support/documentation/usn/usn-143-1
A Denial of Service vulnerability has been discovered in the ptrace()
call on the amd64 platform. By calling ptrace() with specially crafted
("non-canonical") addresses, a local attacker could cause the kernel
to crash. This only affects the amd64 platform. (CAN-2005-1762)
At first glance, 0756 seems to cover 'ptrace' the utility. If that is the
case, almost everyone is referencing it incorrectly as "Linux Kernel
ptrace() function". If it is indeed referring to the ptrace function, then
these two issues seem very close. Both linux kernel, both on amd64
specifically, both DoS, both with ptrace() function, both via "address
validation" issues.
More information about the VIM
mailing list